Essential values of the programme
The current ubiquity and volume of this data and how easy it is to obtain, along with the possibilities of data science, are opening up many perspectives in terms of providing services. However, it also makes it easy to segment the population and identify people and put them under surveillance. This poses many questions and challenges for society in general and public administrations in particular. The virtual dimension and the sovereignty of city residents in this area is a subject of interest because of the repercussions these aspects can have on the analogue world. Administrations have to be prepared and make an effort to design a consistent strategy in this area. This must make it possible to ensure democracy, people’s full rights and their confidence in public institutions.
Essential values
Municipal data is a strategic asset and a valuable resource that enables local government to carry out its mission and its programmes effectively. Appropriate access to municipal data significantly improves the value of the information and the return on the investment involved in generating it. In accordance with the “Barcelona Digital City” plan and its emphasis on public innovation, the digital economy and empowering city residents, this data-management strategy is based on the following considerations.
Within this context, this new management and use of data has to respect and comply with the essential values applicable to data. For Barcelona City Council, these values are:
-
Shared municipal knowledge. Municipal data, in its broadest sense, has a significant social dimension and provides the general public with past, present and future knowledge concerning the government, the city, society, the economy and the environment.
-
The strategic value of data. The council must manage data as a strategic value, with an innovative vision, in order to turn it into an intellectual asset for the organisation.
-
Geared towards results. Municipal data is also a means of ensuring the administration’s accountability and transparency, for managing services and investments and for maintaining and improving the performance of the economy, wealth and the general public’s well-being.
-
Data as a common asset. City residents and the common good have to be the central focus of the Municipality of Barcelona’s plans and technological platforms. Data is a source of wealth that empowers people who have access to it. Making it possible for city residents to control the data, minimising the digital gap and preventing discriminatory or unethical practices is the essence of municipal technological sovereignty.
-
Transparency and interoperability. Public institutions must be open, transparent and responsible towards the general public. Promoting openness and interoperability, subject to technical and legal requirements, increases the efficiency of operations, reduces costs, improves services, supports needs and increases public access to valuable municipal information. In this way, it also promotes public participation in government.
-
Reuse and open-source licences. Making municipal information accessible, usable by everyone by default, without having to ask for prior permission, and analysable by anyone who wishes to do so can foster entrepreneurship, social and digital innovation, jobs and excellence in scientific research, as well as improving the lives of Barcelona residents and making a significant contribution to the city’s stability and prosperity.
-
Quality and security. The city government must take firm steps to ensure and maximise the quality, objectivity, usefulness, integrity and security of municipal information before disclosing it, and maintain processes to effectuate requests for amendments to the publicly-available information.
-
Responsible organisation. Adding value to the data and turning it into an asset, with the aim of promoting accountability and citizens’ rights, requires new actions, new integrated procedures, so that the new platforms can grow in an organic, transparent and cross-departmental way. A comprehensive governance strategy makes it possible to promote this revision and avoid redundancies, increased costs, inefficiency and bad practices.
-
Care throughout the data’s life cycle. Paying attention to the management of municipal registers, from when they are created to when they are destroyed or preserved, is an essential part of data management and of promoting public responsibility. Being careful with the data throughout its life cycle combined with activities that ensure continued access to digital materials for as long as necessary, help with the analytic exploitation of the data, but also with the responsible protection of historic municipal government registers and safeguarding the economic and legal rights of the municipal government and the city’s residents.
-
Privacy “by design”. Protecting privacy is of maximum importance. The City Council has to consider and protect individual and collective privacy during the data life cycle, systematically and verifiably, as specified in the general regulation for data protection (Regulation 2016/679 of the European Parliament and of the Council) with particular emphasis on informed consent, minimisation of information and limiting to purpose, in an explainable, safe way and in accordance with the law.
-
Security. Municipal information is a strategic asset subject to risks, and it has to be managed in such a way as to minimise those risks. This includes privacy, data protection, algorithmic discrimination and cybersecurity risks that must be specifically established, promoting ethical and responsible data architecture, techniques for improving privacy and evaluating the social effects. Although security and privacy are two separate, independent fields, they are closely related, and it is essential for the units to take a coordinated approach in order to identify and manage cybersecurity and risks to privacy with applicable requirements and standards.
-
Technological sovereignty. When new equipment, IT resources or support infrastructures and services are planned, budgeted or purchased, the subsequent contracting process and specifications must be in line with the priorities of the “Barcelona Digital City” plan. In order to comply with the technological sovereignty objective set out in the Agile Digital Transformation Strategy and the digital service standards, especially for preventing dependency on suppliers (vendor lock-in), the following guidelines, which expand on the technology and innovation principles governing the Municipal Institute of Information Technology (IMI) are as follows: interoperability, agility, ethics and the opening up of knowledge and technologies (for both software and data).
-
Open standards. It is obligatory for the City Council’s digital services to use open standards, and in particular the content of the catalogue of standards from the Technical Interoperability Standard (as implemented under Royal Decree 4/2010) or the internationally accepted open standards that update, replace or complement these standards. Where no approved open standard exists in the required format, a proposed format shall be submitted pursuant to the applicable regulations and the requirements of the IMI’s open standards.
-
Agile methodology. The technological projects that are implemented for the management, analysis and dissemination of council data must preferably be carried out in accordance with the methodology defined in the Code of Technological Practices, published in the corresponding Barcelona City Council government measure in October 2017.
Data sovereignty
“Data sovereignty” is a concept linked to German constitutional law, people’s right to their own information (where digital information concerning an individual is not subject to the control of a third party, and in particular, of people or systems that treat data in a third country, with regulations that are alien to the location of that individual)
Most of the current concerns about data sovereignty refer to compliance with privacy regulations and preventing data stored in a foreign country from being intercepted by the government of the host country or of that government having access to it. But the concept of data sovereignty is broader than this international dimension and it involves the need for an individual to have control, at all times and in all relevant systems, over the collection, storage, use, transfer and publication of their data, whether it be of a technical, scientific, economic, social or personal nature.
Organisations increasingly adopt services based in foreign IT systems and, in particular, the cloud, in order to enjoy the benefits of not having to buy, manage, update and replace systems and applications. As one of the main objectives of using the cloud is to enable access to information and systems any time and anywhere, many organisations do not much care where their data is stored, or that it could escape from their control and be accessed by unauthorised persons or even made publicly available.
Data sovereignty presents technical and legal challenges when local systems and stores of third-party information are moved, particularly to the cloud.
In this context, the City Council’s information systems have to be determined and configured at all times, in order to guarantee the City Council’s sovereignty over its data, and in particular, over the (personal) data of the city’s residents, which is administered by the City Council for providing its services. The City Council has to have the ability, at all times, to access its data, process it and make “local” security copies. Furthermore the City Council’s organisations and bodies must always respect the applicable data protection regulations regarding the access to and treatment of data by third parties, as well as international data transfers.
The ethical use of data
Barcelona City Council is committed to the ethical use of data. This principle is structured in accordance with the following main values:
-
Transparency: at all times, both the City Council and the city’s residents know why and for whom the data is being collected, and the applicable measures for guaranteeing its ethical use.
-
Tracing: at all times the City Council knows the origin of the data, its permitted uses and the applicable restrictions.
-
Diligence: collaborators and the providers of data-related services comply with the same principles and obligations as the City Council, and the City Council oversees this compliance.
-
Privacy: any use of personal data must comply with data-protection regulations, and in particular with the principles applicable to its treatment, including fairness, integrity and accuracy, purpose limitation and data minimisation.
-
Trust: data must always be used in accordance with the general public’s expectations, and the City Council must implement control and feedback systems to gauge this compliance.
-
Responsibility: The City Council assumes responsibility for all data uses that are undertaken.
-
Benefit: the data must always be used for the benefit of city residents and society.
All projects that involve the processing of city data must comply with these principles.
Furthermore, many of today’s operations and decisions, which used to be carried out by human beings, are increasingly being delegated to algorithms, which can advise, if not decide, how the collected data should be interpreted and processed by information systems and what actions should be taken as a result. More and more often, these algorithms affect social processes, business transactions and governmental decisions, as well as the way we perceive, understand and interact with each other and our surroundings. The differences between the design and operation of these algorithms and our understanding of what they involve can have serious ethical consequences that affect individual people and groups of citizens. It is essential for the decisions made by the City Council using algorithms based on our data to be accountable (applying the concept of algorithmic accountability) and that they ensure the ethical principles of respecting rights, justice, the concept of fairness, well-being and virtue.
As part of this measure, a DMO working group will be set up to identify the subjects raised by algorithmic determinism relating to automated decisions taken by the City Council, and to identify the necessary measures for ensuring the following ethical principles, in order to determine if instruction on the subject will be needed in the future, with the aim of establishing applicable regulations for the ethical use of data and algorithms in Barcelona City Council.
-
Transparency: the right of city residents (including the staff of the City Council and related organisations) to be informed about automated decisions and their underlying algorithms.
-
Due process: the right of city residents to take action and initiate appeals relating to data processing and the automated decisions that affect them.
-
Accountability and proportionality: ensuring that automated decisions are fair and proportional, and that they do not prejudice city residents (in particular, that they are not discriminatory in any way).
Within this context, algorithmic accountability is supported by the transparency of the City Council’s open source code IT systems involved in decision-making (or for supporting decision-making). Wherever possible, projects based on data (data driven) will be able to check the algorithms using simulations based on city data. Likewise, using open source code or other means, third-party technology suppliers must reveal the underlying logic behind any IT process for automated decisions (or for supporting decision-making) pertaining to any of their systems used by the City Council.
Ethical values and principles must be considered as intrinsic features of the City Council’s data model and data governance, and the working group will help to build this data model and appropriate controls for its governance, and to establish a process for providing an ethical evaluation of any development project.